
United States Patent and Trademark Office

UNITED STATES DEPARTMENT OF COMMERCE
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 09/920,525
FILING DATE: 08/01/2001
FIRST NAMED INVENTOR: Lorenzo De Leon
ATTORNEY DOCKET NO.: 29948/37079
CONFIRMATION NO.: 5956

4743 7590 04/29/2005
MARSHALL, GERSTEIN & BORUN LLP
233 S. WACKER DRIVE, SUITE 6300
SEARS TOWER
CHICAGO, IL 60606

EXAMINER: SCHUBERT, KEVIN R
ART UNIT: 2137
PAPER NUMBER:

DATE MAILED: 04/29/2005



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 



Office Action Summary

Application No.: 09/920,525
Applicant(s): LEON, LORENZO DE
Examiner: Kevin Schubert
Art Unit: 2137





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 



Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely.

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 01 August 2001.

2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

4) [X] Claim(s) 1-22 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1-22 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) 0 The specification is objected to by the Examiner. 

10) [X] The drawing(s) filed on 01 August 2001 is/are: a) [ ] accepted or b) [X] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.

Attachment(s)

1) [X] Notice of References Cited (PTO-892)

DETAILED ACTION

Claims 1-22 have been considered. 



Drawings 

A new corrected drawing in compliance with 37 CFR 1.121(d) is required in this application for Figure 1. The Figure lacks suitable identifiers. For example, 22, 24, 26, 28, and 30 should be labeled "end users" and 32, 34, 36, and 38 should be labeled "sponsor sites". Appropriate correction is required.

Applicant is advised to employ the services of a competent patent draftsperson outside the Office, as the U.S. Patent and Trademark Office no longer prepares new drawings. The corrected drawings are required in reply to the Office action to avoid abandonment of the application. The requirement for corrected drawings will not be held in abeyance.

Information Disclosure Statement

The information disclosure statement filed 7 March 2002 fails to comply with the provisions of 37 CFR 1.97, 1.98 and MPEP § 609 because the citation has no date. The applicant should know the date of publication of the NPL source cited since it is authored by the assignee of the applicant.

It has been placed in the application file, but the information referred to therein has not been considered as to the merits. Applicant is advised that the date of any re-submission of any item of information contained in this information disclosure statement or the submission of any missing element(s) will be the date of submission for purposes of determining compliance with the requirements based on the time of filing the statement, including all certification requirements for statements under 37 CFR 1.97(e). See MPEP § 609 ¶ C(1).

Claim Objections

Claim 7 is objected to because of the following informalities: the claim should read "selected from one of U.S. Mail, Courier Mail, and messenger". Appropriate correction is required.
Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-22 are rejected under 35 U.S.C. 103(a) as being unpatentable over Mclaughlin, International Publication No. WO 00/01108, in view of Hagan, U.S. Patent Application Publication No. 2001/0054155.

As per claims 1 and 15, the applicant describes a method consisting of the following steps which are met by Mclaughlin in view of Hagan:

a) exchanging digital certificates between the first organization and the second organization (Mclaughlin: page 16, lines 29-31);

b) sending an authenticated and encrypted first message using the digital certificate from the first organization to the second organization, wherein the first message requests a virtual user ID for use by the end user (Mclaughlin: page 16, lines 29 to page 17, line 16);

c) validating the digital certificate and decrypting the first message sent by the first organization at the second organization (Mclaughlin: page 16, lines 29 to page 17, line 16);

d) responding to the first message by sending an authenticated and encrypted response message comprising an authorized virtual user ID from the second organization to the first organization (Mclaughlin: page 18, lines 1-10);

e) authenticating the end user at the first organization (Hagan: [0061]);

f) mapping an end user's user ID to the virtual user ID (Mclaughlin: page 18, lines 1-10; page 3, lines 21-27);

g) sending an authenticated and encrypted second message from the first organization to the second organization, the second message including a session initialization request (Mclaughlin: page 20, lines 19-29);

h) replying to the second message at the second organization with an authenticated and encrypted reply message comprising a session ID (Mclaughlin: page 22, line 28 to page 23, line 7);

The first organization is the client (Mclaughlin: 102 of Fig 1). The second organization is the intermediary system (Mclaughlin: 100 of Fig 1). Regarding parts b) and c), the message is the selected pseudonym and the authenticating certificate. The use of encryption and decryption of the message is present in the system because all communication between the client and the intermediary system is safeguarded by public key encryption to protect user's IDs and pseudonyms from being out in the open (page 11, lines 26-29). Regarding part f, the end user's real ID is mapped to the virtual user ID (pseudonym) at the second organization.

Mclaughlin teaches all the limitations of the above claim except for the limitation of authenticating the end user at the first organization because in Mclaughlin's system the end user is the first organization. Hagan discloses a system in which an end user logs on to a server and is authenticated at the server by anonymous authentication through a Web ID, password, or certificate from a trusted source. The server, which is maintained by an operator, provides services to the end user by contracting with another service provider such as a health plan administrator or other entity.

Incorporating the ideas of Hagan would be easy. The client (Mclaughlin: 102 of Fig 1) could be the web server and the system (Mclaughlin: 100 of Fig 1) could be the other service providers. The user would simply log into the web server and the system would take place as disclosed by Mclaughlin and referenced in the lines above.

It would have been obvious to one of ordinary skill in the art at the time the invention was filed to combine the ideas of Hagan with those of Mclaughlin because doing so allows for more organization in the system. Instead of a plurality of end users trying to connect to the system (Mclaughlin: 100 of Fig 1) and be authenticated and receive services as is the case in Mclaughlin, only one entity (a web server) connects to the system for services. This ensures greater security and more organization.
Regarding claim 15, the use of a first software routine stored on the memory of the first organization is disclosed by Mclaughlin (page 15, lines 25-27). Since the system (Mclaughlin: 100 of Fig 1) generates an automatic response to the first organization's messages it is inherent that a second software routine is stored on the memory of the second organization.

As per claims 2 and 16, the applicant describes the method of claims 1 and 15, which are met by Mclaughlin in view of Hagan (see above), with the following limitations which are met by Mclaughlin:

a) sending a subsequent authenticated and encrypted message from the first organization to the second organization requesting to modify the authorized virtual user ID for a specific end user (Mclaughlin: page 15, lines 4-12; Fig 2);

b) acknowledging the subsequent message by sending a different authenticated and encrypted message from the second organization to the first organization including an appropriate virtual user ID for the specific end user (Mclaughlin: page 15, lines 4-12; Fig 2);

The subsequent message referred to in part a) is the second message a first organization sends which is a request for a modified pseudonym if the first request already represents an authorized virtual user ID of another end user. If the second pseudonym is not already an authorized virtual user ID of another end user, the second organization sends the first organization a message saying that its appropriate virtual user ID is the second pseudonym it requested.

As per claims 3 and 17, the applicant describes the method of claims 1 and 15, which are met by Mclaughlin in view of Hagan (see above), with the following limitation which is met by Mclaughlin:

Further comprising the step of monitoring the session ID to ensure that an end user's session does not become stale (Mclaughlin: page 22, lines 10-17).

Monitoring the session ID is accomplished by issuing short expiration term keys which need to be refreshed if the user's session is on for a long time.
As per claims 4 and 18, the applicant describes the method of claims 1 and 15, which are met by Mclaughlin in view of Hagan (see above), with the following limitation which is met by Mclaughlin:

Wherein the step of authenticating the end user at the first organization is performed after the end user logs on to a web server associated with the first organization (Mclaughlin: page 15, lines 23-25; Fig 2).

As per claims 5 and 19, the applicant describes the method of claims 1 and 15, which are met by Mclaughlin in view of Hagan (see above), with the following limitation which is met by Mclaughlin:

Wherein the steps of sending the authenticated and encrypted first message, sending the authenticated and encrypted second message, responding to the first message by sending the authenticated and encrypted response message, and replying to the second message at the second organization with the authenticated and encrypted reply message, are performed using Public Key Infrastructure technology (Mclaughlin: page 11, lines 26-29).

As per claims 6 and 7, the applicant describes the method of claims 1 and 6, which are met by Mclaughlin in view of Hagan (see above), with the following limitation which is met by Hagan:

Wherein the step of exchanging digital certificates is performed via a manual process (Hagan: [0105]).

As per claims 8 and 21, the applicant describes the method of claims 1 and 15, which are met by Mclaughlin in view of Hagan (see above), with the following limitation which is met by Hagan:

Wherein the step of replying to the second message includes passing the session ID as a cookie (Hagan: [0084], [0011]).

As per claims 9 and 22, the applicant describes the method of claims 1 and 15, which are met by Mclaughlin in view of Hagan (see above), with the following limitation which is met by Mclaughlin:

Wherein the step of replying to the second message includes authorizing the end user for user of at least one application associated with the second organization (page 22, line 28 to page 23, line 7).

As per claim 10, the applicant describes the method of claim 1, which is met by Mclaughlin in view of Hagan (see above), with the following limitation which is met by Mclaughlin:

Wherein the existence of the second organization remains hidden from the end user (Mclaughlin: Abstract);

Mclaughlin never mentions that the end user, or client, knows that the second organization, or intermediary system, provides services to the end user by contracting with third party service providers. Furthermore, the end user, or client, is only in contact with the intermediary system, not the third party service providers. Thus, there is nothing in Mclaughlin disclosing that the end user knows the third party exists and there is nothing in Mclaughlin to preclude the situation where the intermediary system pretends like it is providing the services of the third party service providers.

As per claims 11, 12, and 13, the applicant describes the method of claims 1 and 11, which are met by Mclaughlin in view of Hagan (see above), with the following limitation which is met by Mclaughlin:

Wherein the steps of sending the first and the second messages each further comprise the step of sending the first message or the second message over an electronic network (page 15, lines 23-25).

As per claim 14, the applicant describes the method of claim 1, which is met by Mclaughlin in view of Hagan (see above), with the following limitation which is met by Mclaughlin:

Wherein the first organization and the second organization are financial institutions (page 5, lines 23-29).

As per claim 20, the applicant describes the system of claim 15, which is met by Mclaughlin in view of Hagan (see above), with the following limitation which is met by Mclaughlin:

Wherein the first software routine is adapted to receive and store the first digital certificate and the second software routine is adapted to receive and store the second digital certificate (page 16, lines 29 to page 17, line 16; page 21, lines 11-13);

The first digital certificate is the user's authenticating signature received from an entity like a CA 
and stored on the end user's system. The second digital certificate is Certl, which is received on the 
intermediary system (second organization) and stored in order to authenticate the user and his 
pseudonym. 



Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to Kevin Schubert whose telephone number is (571) 272-4239. The examiner can normally 
be reached on M-F 8:00-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Andrew Caldwell can be reached on (571) 272-3868. The fax phone number for the organization where 
this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). 

SUPERVISORY PATENT EXAMINER



